Cross-government communities of practice privacy notice
Published 20 May 2021
Communities of practice are professional networks with members from across government. Members join to meet, learn, share knowledge and tackle common problems. Community organisers collect personal data to manage their community of practice.
Cross-government communities of practice are provided by the Government Digital Service (GDS) and the Central Digital and Data Office (CDDO), which are part of the Cabinet Office. The data controller for GDS and CDDO is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
Why we need your data
For a number of the activities that we undertake to manage the communities of practice, we need to process personal data. These activities include:
- managing membership of the community that you have signed up to
- enabling communication and collaboration between community members
- managing feedback, including gathering it to improve our management of the community, and responding to it if you have asked us to
- provision of news and updates about the community of practice that you have signed up to, including:
- learning and development opportunities
- invitations to share best practice between the community
- relevant information and guidance
- ways to take part in the community
What data we collect from you
We collect certain information and data about you when you sign up to one of our communities of practice.
We collect your:
- name
- business contact details
Mailing list, newsletters and updates
If you sign up to our mailing list (which might be via an online newsletter platform, an email group or business email) we will collect your:
- name
- email address
- IP address (if subscribing to a newsletter through a sign-up form)
- date and time an email is opened (if subscribed to an online newsletter)
- what links you click on (if subscribed to an online newsletter)
We may also list on our communication tool if you’re a GOV.UK publisher, have attended one of our events or are part of a non-content profession (for example a press officer) to ensure you get the right information.
To unsubscribe from mailing lists and newsletters you can:
- use the link on the newsletter
- remove yourself from a Googlegroup
Collaboration Tools
When you use our collaboration tools and platforms we may additionally collect your:
- user profile on the tools and platforms
If we communicate with you via video conference or virtual collaboration platforms, the information may also include your image or voice.
Where we use our suppliers to provide video conferencing and online collaboration tools, the information may also include IP address and session data. You can refer to the privacy policies of the suppliers when accessing their tools for more information.
Recording the communication and collaboration
If the collaboration is via video conference or online collaboration platform, we may record it. When this happens, we’ll inform you in the invitation to the session that recording will take place, and again at the start of the session before recording begins. The full consent process for recording virtual events is managed on an event by event basis.
Legal basis for processing data
The legal basis for processing your personal data is in the exercise of a public task. Cross-government communities of practice are provided to improve standards, output and quality across government, and to help public sector workers to do their job.
When we record events that are held virtually, the legal basis for processing your data is your consent. The full consent process is managed on an event by event basis. However, if you do not want to be recorded during a virtual event, you can simply turn your camera and microphone off.
For those not working for the public sector, we process your information on the basis of your consent. Your consent to:
- joining the community of practice is given when you ask to join
- receiving news and updates is given when you opt in to receive news and updates
To withdraw your consent, you can simply opt out of the mailing list, or contact your community of practice liaison.
What we do with your data
GDS and CDDO use third party applications to facilitate collaboration with other government departments, including sharing:
- information
- news and updates
We also use the following applications:
- mailing list providers when you sign up to receive emails, news and updates from us
- video conferencing and online collaboration tools when you join virtual collaboration sessions
- software collaboration platforms when you share material, feedback or make a contribution
- support providers when you contact us for assistance
These applications are ‘data processors’, which means they process personal data on behalf of GDS and CDDO. Some of these data processors may also process:
- your IP address
- session data
Some of our data processors use a technology in the emails that means we can see when you open an email or click on certain links. The information is used to create reports that show how an email performed and what actions people took from it.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
How long we keep your data
We will keep your personal data for 3 years or until consent is withdrawn (if we are relying on your consent).
Where your data is processed and stored
As your personal data is stored on our IT infrastructure and shared with our data processors, it may be transferred and stored securely outside the United Kingdom. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contract Clauses or Adequacy Decisions.
We also design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties who process personal data for GDS are required to keep that data secure.
Children’s privacy protection
We do not design or promote services for children who are 13 years of age or younger, and we do not intentionally collect or keep data about anyone under the age of 13.
Your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that the processing of your personal data is restricted in certain circumstances
If you have any of these requests, get in contact with our Privacy Team - you can find their contact details below.
If your personal data is processed on the basis of consent, you have the right to:
- withdraw consent to the processing of your personal data at any time
- request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.
Questions and complaints
Contact the GDS Privacy Team if you either:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SARS)
Email: gds-privacy-office@digital.cabinet-office.gov.uk
The contact details for the Cabinet Office’s Data Protection Officer are:
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email icocasework@ico.org.uk
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860